<%
=begin
apps: kafka
platforms: kubernetes, tanzu-application-catalog
id: enable_security
title: Enable security for Kafka and Zookeeper
category: administration
weight: 60
=end %>

It is possible to configure different authentication protocols for each listener configured in Kafka. For instance, you can use *sasl_tls* authentication for client communications, while using *tls* for inter-broker communications. This table shows the available protocols and the security they provide:

| Method    | Authentication               | Encryption via TLS |
|-----------|------------------------------|--------------------|
| plaintext | None                         | No                 |
| tls       | None                         | Yes                |
| mtls      | Yes (two-way authentication) | Yes                |
| sasl      | Yes (via SASL)               | No                 |
| sasl_tls  | Yes (via SASL)               | Yes                |

Configure the authentication protocols for client and inter-broker communications by setting the *auth.clientProtocol* and *auth.interBrokerProtocol* parameters to the desired ones, respectively.

### Enable TLS Authentication

Learn how to [configure TLS authentication](../../administration/enable-tls/).

### Enable SASL Authentication

If SASL authentication is enabled on any listener, set the SASL credentials using the parameters below:

* *auth.sasl.jaas.clientUser* / *auth.sasl.jaas.clientPassword*: Use these when enabling SASL authentication for communications with clients.
* *auth.sasl.jaas.interBrokerUser* / *auth.sasl.jaas.interBrokerPassword*: Use these when enabling SASL authentication for inter-broker communications.
* *auth.sasl.jaas.zookeeperUser* / *auth.sasl.jaas.zookeeperPassword*: Use these when the Zookeeper chart is deployed with SASL authentication enabled.

To limit the allowed SASL mechanisms, use the parameters below:

* *auth.sasl.mechanisms*: The list of allowed SASL mechanisms. Allowed values are: *plain*, *scram-sha-256*, and *scram-sha-512*.
* *auth.sasl.interBrokerMechanism*: The SASL mechanism to use for inter-broker communications.
